int make_decision(int sessionid) { #define NUM_RETURN_VALUES 2 char *returnvalues[NUM_RETURN_VALUES]; int i,j; /* Set the return values for this application -- just "false" and "true" */ returnvalues[0] = "false"; returnvalues[1] = "true"; /* Just do the query. */ j = kn_do_query(sessionid, returnvalues, NUM_RETURN_VALUES); if (j == -1) { switch (j) { case ERROR_MEMORY: fprintf(stderr, "Out of memory while performing authorization " "query.\n"); break; case ERROR_NOTFOUND: fprintf(stderr, "Session %d not found while performing " "authorization query.\n", sessionid); break; default: fprintf(stderr, "Unspecified error %d (shouldn't happen) " "while performing authorization query.\n", keynote_errno); break; } } else { fprintf(stdout, "Return value is [%s]\n", returnvalues[j]); } /* Destroy the session, freeing all allocated memory. */ kn_close(sessionid); return(j); }
/* * Simple API for doing a single KeyNote query. */ int kn_query(struct environment *env, char **retvalues, int numval, char **trusted, int *trustedlen, int numtrusted, char **untrusted, int *untrustedlen, int numuntrusted, char **authorizers, int numauthorizers) { struct environment *en; int sessid, i, serrno; keynote_errno = 0; if ((sessid = kn_init()) == -1) return -1; /* Action set */ for (en = env; en != (struct environment *) NULL; en = en->env_next) if (kn_add_action(sessid, en->env_name, en->env_value, en->env_flags) == -1) { serrno = keynote_errno; kn_close(sessid); keynote_errno = serrno; return -1; } /* Locally trusted assertions */ for (i = 0; i < numtrusted; i++) if ((kn_add_assertion(sessid, trusted[i], trustedlen[i], ASSERT_FLAG_LOCAL) == -1) && (keynote_errno == ERROR_MEMORY)) { serrno = keynote_errno; kn_close(sessid); keynote_errno = serrno; return -1; } /* Untrusted assertions */ for (i = 0; i < numuntrusted; i++) if ((kn_add_assertion(sessid, untrusted[i], untrustedlen[i], 0) == -1) && (keynote_errno == ERROR_MEMORY)) { serrno = keynote_errno; kn_close(sessid); keynote_errno = serrno; return -1; } /* Authorizers */ for (i = 0; i < numauthorizers; i++) if (kn_add_authorizer(sessid, authorizers[i]) == -1) { serrno = keynote_errno; kn_close(sessid); keynote_errno = serrno; return -1; } i = kn_do_query(sessid, retvalues, numval); serrno = keynote_errno; kn_close(sessid); if (serrno) keynote_errno = serrno; return i; }